Internet, E-Mail and Electronic Communication Policy
This policy is twenty-three (23) pages in length, is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate use of equipment
- Internet access
- Electronic Mail
- Retention of e-mail on personal systems
- E-mail and business records retention
- Copyrighted materials
- Banned activities
- Ownership of information
Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready-to-use forms:
- Internet & Electronic Communication Employee Acknowledgement (short form)
- E-Mail - Employee Acknowledgement (short form)
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
The WORD template uses the latest CSS style sheet and can easily be modified to conform to the style used in your enterprise policy manual.
Latest Policy News
World Class CIOs are focusing on wearable device Security
August 2nd, 2015
Wearable Device Security -- Janco Associates has determined that most mobile devices have some major vulnerabilities. They include:
- Insufficient User Authentication/Authorization
- Data Encryption Missing
- Insecure Interfaces
- Software/Firmware Updates Not Secure
- Privacy Controls are missing
The purpose of the Wearable Device Policy Template is to define standards, procedures, and restrictions for end users who have specific and authorized business requirements to use the devices connected via a wireless or unmanaged network outside of ENTERPRISE's direct control.
Wearable Device Policy - It is 17 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant wearable device use process. Included are forms defining the mobile device environment.
Disaster Recovery Digest
July 1st, 2015
- Google data center security & disaster recovery: This is a great video on physical security as well as the software security. This is a great primer which all CIOs and Data...
- 10 best practices for cloud disaster recovery: Creating a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations. Ten best practices are:...
- Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk. What if you were in Florida and the Hurricane season was in full swing...
- Options for a data center disaster recovery strategy: A critical component of disaster recovery and business continuity is the data center disaster recovery strategy. Hot...
- Infrastructure Key to Data Center Management and Disaster Recovery: Data Center Management Issues. Your data centers are stuck in a rut. While 90 per cent have...
IT hiring takes off - Over 140,000 jobs added in the last 12 months
June 13th, 2015
The IT job market kicked into higher gear in May, with more than 14,000 new jobs added in the field nationwide.
Janco Associates, which tracks IT jobs and CIO hiring trends, crunched the latest employment data released by the Bureau of Labor Statistics and found hiring in the IT sector once again on an upswing after the relative doldrums of the first quarter.
BYOD management key concern of many C-Level executives
June 2nd, 2015
Three concerns for management of BYOD are:
- Take control of BYOD costs by automatically tracking and billing work-related spend on employee-owned devices on almost any network
- Enable employees to be more productive by eliminating time-consuming manual processes
- Reduce the effort and cost of monitoring, processing and reporting BYOD expenses
BYOD Policy Template meets all mandated compliance requirements
Janco, in concert with a number of world class enterprises, has created a BYOD Policy Template that addresses these issues and provides solutions for the following questions:
- What are the legal implications of BYOD - What is the impact of the Stored Communication Act - Record Retention and Destruction?
- What happens to the data and audit trail on a BYOD when an employee leaves the company?
- What about a lost or stolen BYOD?
- How is the BYOD configured to receive and transmit corporate data?
- What kind of passwords are acceptable to use on a BYOD?
- What kind of encryption standards are acceptable for BYOD?
- What types of BYOD are allowed and what types are not?
- What about jailbroken, rooted or compromised BYOD?
16 States have 6% unemployment rates
May 28th, 2015
In the month of April there are 16 states with an unemployment rate of over 6%. In addition, there are 11 states where the unemployment rate has risen in the last 3 months. The states with the greatest increase in unemployment are West Virginia (from 6.1% to 7.0%) and Alaska (from 6.3% to 6.7%).
Will the information age continue to disrupt old ways
May 13th, 2015
The information age is upon us and will continue to disrupt old ways of doing things and replace them with new digitally driven processes. Will this transformation be like the Industrial Revolution, painful but ultimately democratizing by increasing incomes and leisure time for the vast majority of Americans? Or will it escalate inequality and continue to hollow out the middle class?
IT Infrastructure Policies and Procedures
One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.
Over 42 million security incidents occurred in 2014 - Even the White House was hacked
April 27th, 2015
2014 had 42.8 million reported security incidents. That is a 48 percent increase over the previous year. The average size of the financial impact attributed to those incidents was $2.7 million, and the number of organizations reporting incident-related losses of more than $20 million increased 92 percent last year. But the true cost may never be known. As many as 71 percent of compromise victims did not detect the breach themselves, according to a 2014 report.
Policy and Procedure Manual
Compliance Management Made Easy
ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Supports Meaningful Use Compliant Stage Implementation
Includes PCI DSS Audit Program PLUS 24 Electronic Forms that are ready to use
Information risk management defined
April 14th, 2015
The components of this IT Management suite are all ready to use as soon as you download them.
There is both an individual license for each item and an enterprise license which allows you to place the product on your enterprise's INTRANET (not INTERNET) so it can be shared by groups/divisions/data centers within a single Country / DUNS number.
Information risk management involves eight steps:
- Identify all the assets that contain or transmit the information you are trying to protect. It may be PII (personal identification information), PHI (protected health information), PCI (payment card information), or any other proprietary or sensitive information important to the business. Those information assets include not only applications but the media that contains those applications, such as servers, back-up tapes, desktops, laptops, and thumb drives.
- Identify threats to those assets. There are typically four categories for threats: environmental (floods, lightning, fires), structural (infrastructure or software failure), accidental (uninformed or careless users), and adversarial (hackers, malicious insiders).
- Identify the vulnerabilities to those assets. For example, no data backup, no encryption, weak passwords, no remote wipe, no surge protection, no training, no access management, no firewalls, no business continuity plans.
- Determine the probability of each threat exploiting every vulnerability. What makes this step particularly hard (in addition to the volume) is the lack of specific data to support a calculable percentage of likelihood. Some organizations use a simple high/medium/low ranking. But there are many metrics for assessing likelihood, including industry breach statistics, data-type breach statistics, data loss statistics by cause, industry complaint statistics, the breach and/or complaint history of your own organization, and the details of any security or privacy incidents.
- Determine the potential impact on your organization. There are many methods for determining the impact, the easiest being the $200 per breached record as annually determined by the Ponemon Research Institute, or calculating the cost more specifically for your organization using the free Excel model on the ANSI website which provides values for a variety of cost variables involved in a breach. Basically the costs include: remediation (the cost of the control/safeguard that should have been put in before the breach) plus mitigation, remuneration, legal costs, fines or penalties, business distraction, and reputational costs.
- Generate a risk-rating list, with high likelihood/high impact risks at the top, low likelihood/low impact risks at the bottom, and everything else in between.
- Find solutions and determine costs for all risks that have scored above the organization's risk tolerance line.
- Reach a decision on the risk treatment. Let's take, for example, lost or stolen laptops as the risk, which represents about 20% of the health-care breaches listed on the Health and Human Services websites. An unencrypted laptop used in the field could be considered high risk, depending on what safeguards (other than encryption) are in place. The risk can be accepted, transferred (for example, outsourced to clinician group firms), avoided (no more laptops in the field), or mitigated (extra-strong passwords, remote wipe, tracking software, and so on).
BYOD is a challenge for government CIOs
March 19th, 2015
The recent incident with the past Secretary of State highlights the fact that during the past few years, many government agencies have been challenged with balancing the hype surrounding bring-your-own-device (BYOD) programs with legitimate opportunities to use BYOD to empower employees and enhance productivity.
While the excitement around BYOD grew and then receded across the broader market, government decision-makers have always viewed it with greater caution, with far fewer prioritizing BYOD among their technology initiatives. Our discussions with government stakeholders responsible for evaluating and implementing BYOD programs highlight opportunities to deploy BYOD for specific use cases and selected users such as administrative employees, emergency responders, and temporary personnel. CIOs must provide guidance in defining the appropriate BYOD programs and address key concerns related to security issues and union employee adoption.
35 high risk IT projects identified by GAO
February 13th, 2015
35 high risk IT projects have been identified by the GAO in a recent audit of federal IT projects. They fall in the following six areas which cover the breadth of the entire federal government:
- Government infrastructure Improvement projects
- Transforming DOD Program Management
- Ensuring Public Safety and Security
- Managing Federal Contracting More Effectively
- Assessing the Efficiency and Effectiveness of Tax Law Administration
- Modernizing and Safeguarding Insurance and Benefit Programs
CIO IT Infrastructure Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy: Includes electronic Blog Compliance Agreement Form
- BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
- Google Glass Policy Template: Includes electronic Google Glass Access and Use Agreement Form
- Incident Communication Plan Policy: Updated to include social networks as a communication path
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy: Includes 5 electronic forms to aid in the quick deployment of this policy
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy: HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy: Includes electronic form
- Telecommuting Policy: Includes 3 electronic forms to help to effectively manage work at home staff
- Text Messaging Sensitive and Confidential Information
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms